IN THE SPECIFICATION: 

On page 1, replace the paragraph beginning on line one, with the paragraph 
shown below: 

RELATED APPLICATIONS 

This application is a non-provisional application claiming priority to U.S. 
provisional patent application serial number 60/105,891 filed on October 26, 1998, 
which is herein incorporated by reference, and is related to co-pending applications 
titled "Loading And Identifying A Digital Rights Management Operating System," 
U.S. patent application serial number 09/22761 1, "Key-based Secure Storage," U.S. 
patent application serial number 09/227568, "Digital Rights Management," U.S. 
patent application serial number 09/227559, and "Digital Rights Management 
Operating System," U.S. patent application serial number 09/227561, all filed on 
January 8, 1999 and assigned to the same assignee as the present application. 

On page 1, delete the paragraph beginning on line 15 with the words 
"RELATED APPLICATIONS" and ending on line 24 with the words "present 
application." 
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On page 48, amend the paragraph starting on line 2 and ending on line 20 as 
shown below: 

A general-purpose central proc e ssing unit processor (CPU) is configured 
with a new mechanism that facilitat e s facilitating an authenticated boot sequenceT 
Th e boot s e qu e nc e that provides the building blocks for client-side rights 
management when the system is online, and provides for continued protection of 
persistent data even when the system goes offline or is rebooted. The CPU is 
manufactur e d with includes a cryptographic key pair, and a manufacturer certificate 
testifying that the manufactur e manufacturer built the CPU according to a known 
specification , and an optional immutabl e symm e tric k e y KS . The operating system 
(OS) includes a unique block of code, r e f e rr e d to as th e or "boot block" . An OS 
id e ntity can b e e stablish e d from the boot block that can establish OS identity by 
e xtracting th e id e ntity extraction from a digitally signed the boot block or by 
computing a hash digest of the boot block. During booting, the CPU executes a 
single opcode, followed by the boot block, as an atomic operation to set the identity 
of the op e rating syst e m OS into the software identity register. Ex e cution of th e 
opcod e and th e boot block is atomic, such that th e softwar e id e ntity r e gist e r is s e t to 
e ith e r th e OS id e ntity (i. e ., boot block dig e st or OS public k e y) if th e combin e d 
op e ration is succ e ssful, or z e ro if som e thing subv e rts op e ration. Assuming success, 
th e CPU app e nds th e OS id e ntity to its boot log. Following this auth e nticat e d boot 
s e qu e nc e , th e The subscriber unit then can establish a chain of trust to prov e its 
hardwar e and softwar e to a content provider. Th e subscrib e r unit stores cont e nt 
from th e cont e nt provid e r in e ncrypt e d form using a storag e k e y that is g e n e rat e d as 
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a function of OS sp e cific and CPU sp e cific data, so that it can b e d e crypt e d only on 
th e sam e proc e ssor and by tho specifi e d OS. 
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